
Artemis! 13E9FC993847


  • This topic is locked
44 replies to this topic

#1 waldobleeping

waldobleeping

  • Members
  • 27 posts

Posted 02 March 2012 - 04:33 PM

As per Bleeping instructions, please find attached files (ARK and DDS Attach), and DDS log pasted just below:

One of my computers (runs all night) displays a "file deleted" message from McAfee every morning. The specific name of the files deleted (generally it is always two files) changes each day, but they both have .vbt extensions. They are always in the C:\Windows\TEMP folder. McAfee each day shows what I think it believes to be the virus name Artemis! 13E9FC993847. I cannot find information on this variant.

Further, I also run STOPzilla; this too produces a flag each morning saying that it has deleted and blocked the following infections:

Explorer Policies.NoControlPanel
Explorer Policies.NoFolderoptions
System Policies.DisableRegistryTools
System Policies.DisableTaskMgr

I have run all the recommended standard malware programs like MalwareBytes and SUPERAntiSpyware. Problem does not go away.

Thanks,

w

Begin DDS log


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.5.0_16
Run by Walt Weissman at 13:33:40 on 2012-03-02
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3032.1181 [GMT -7:00]
.
AV: McAfee® Security-as-a-Service *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: STOPzilla Anti-Spyware *Enabled/Updated* {B2E69928-50DC-94CA-6A80-AAB054008761}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: McAfee® Security-as-a-Service *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\DTS.exe
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\AtService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
c:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
c:\QUALCOMM\QDLService\QDLService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Retrospect\Retrospect Client\RemotSvc.exe
C:\Program Files\Retrospect\Retrospect Client\retroclient.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\McAfee\Managed VirusScan\Agent\swAgent.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Lenovo\Access Connections\AcSvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfeann.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\vds.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
c:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Windows\System32\TpShocks.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe
C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Windows\explorer.exe
C:\Windows\system32\dllhost.exe
C:\Windows\System32\msdtc.exe
C:\Users\Walt Weissman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Walt Weissman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Walt Weissman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Walt Weissman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Walt Weissman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Walt Weissman\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://cnn.com/
uInternet Settings,ProxyServer = http=148.63.201.177:9877;https=148.63.201.177:9877
uInternet Settings,ProxyOverride = *.local;<local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120228063129.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: RefresherBand Class: {b24ba06e-fb7b-4757-95c2-dc01125f750e} - c:\progra~1\yrefre~1\YREFRE~1.DLL
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
mRun: [TpShocks] TpShocks.exe
mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
mRun: [<NO NAME>]
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Computer Alarm Clock]
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [EaseUs Watch] "c:\program files\easeus\todo backup\bin\EuWatch.exe"
mRun: [EaseUs Tray] "c:\program files\easeus\todo backup\bin\TrayNotify.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AcWin7Hlpr] c:\program files\lenovo\access connections\AcTBenabler.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [MVS Splash] "c:\program files\mcafee\managed virusscan\desktopui\XTray.exe"
uPolicies-explorer: DisallowCpl = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 205.171.3.65 8.8.8.8 8.8.4.4
TCP: Interfaces\{16A4933A-BF3A-4841-88D8-E50089DAF38D}\071627C65363 : DhcpNameServer = 192.168.178.1
TCP: Interfaces\{16A4933A-BF3A-4841-88D8-E50089DAF38D}\14E61647F6C69616E684F657375637 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{16A4933A-BF3A-4841-88D8-E50089DAF38D}\372727 : DhcpNameServer = 192.168.10.1
TCP: Interfaces\{16A4933A-BF3A-4841-88D8-E50089DAF38D}\77B677 : DhcpNameServer = 192.168.10.1
TCP: Interfaces\{16A4933A-BF3A-4841-88D8-E50089DAF38D}\A5F6E65624 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{53F136E7-8C5B-4E42-AC91-B39E52309520} : DhcpNameServer = 192.168.0.1 205.171.2.65
TCP: Interfaces\{6B4AC5EB-4B8E-41FD-975A-55B85958669E} : DhcpNameServer = 205.171.3.65 8.8.8.8 8.8.4.4
TCP: Interfaces\{721B46C0-683D-49BE-A17A-C7926A54A8B7} : NameServer = 69.78.235.35 69.78.96.14
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - %SystemRoot%\system32\wpdshserviceobj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli ACGina
mASetup: {A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} - c:\program files\pixiepack codec pack\InstallerHelper.exe
.
============= SERVICES / DRIVERS ===============
.
R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2010-3-18 25968]
R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2012-1-13 50312]
R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2012-1-13 44680]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2011-1-19 436728]
R0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-1-19 162928]
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [2011-9-26 61328]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [2011-8-16 59080]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2011-3-29 20592]
R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2012-1-13 17032]
R1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [2012-1-13 187016]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2011-1-9 13680]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-1-19 88544]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [2009-10-20 1701112]
R2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [2009-10-20 98304]
R2 EaseUS Agent;EaseUS Agent;c:\program files\easeus\todo backup\bin\Agent.exe [2012-1-13 61064]
R2 Guard Agent;Guard Agent;c:\program files\easeus\todo backup\bin\GuardAgent.exe [2012-1-13 23176]
R2 IMFservice;IMF Service;c:\program files\iobit\iobit malware fighter\IMFsrv.exe [2012-2-21 821592]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\lenovo\virtscrl\lvvsst.exe [2012-1-12 127336]
R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2012-2-28 159320]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-2-28 145936]
R2 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files\mcafee\managed virusscan\agent\myAgtSvc.exe [2012-2-28 291064]
R2 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2010-9-16 80896]
R2 QDLService;Qualcomm Gobi Download Service;c:\qualcomm\qdlservice\QDLService.exe [2009-12-15 345336]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 Retrospect Client;Retrospect Client;c:\program files\retrospect\retrospect client\RemotSvc.exe [2008-12-1 61440]
R2 RumorServer;McAfee Peer Distribution Service;c:\program files\mcafee\managed virusscan\agent\myAgtSvc.exe [2012-2-28 291064]
R2 SWAGENT;SonicWALL Agent Service;c:\program files\mcafee\managed virusscan\agent\swAgent.exe [2012-2-28 189760]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\lenovo\hotkey\tphkload.exe [2012-1-12 131432]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2012-1-12 142696]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\common files\intel\privacy icon\uns\UNS.exe [2009-12-20 2058776]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2009-9-1 485376]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6232.sys [2011-10-20 232664]
R3 jakndisMP;jakndisMP;c:\windows\system32\drivers\jakndis.sys [2011-12-13 30016]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-1-19 171296]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-1-19 58456]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2009-9-15 6000640]
R3 QCFilterlno;Lenovo USB Composite Device Filter Driver;c:\windows\system32\drivers\qcfilterlno.sys [2009-12-15 7168]
R3 qcusbnetlno;Lenovo USB-NDIS miniport;c:\windows\system32\drivers\qcusbnetlno.sys [2009-12-15 211456]
R3 qcusbserlno;Lenovo USB Device for Legacy Serial Communication;c:\windows\system32\drivers\qcusbserlno.sys [2009-12-15 111616]
R3 RRNetCapMP;RRNetCapMP;c:\windows\system32\drivers\rrnetcap.sys [2010-8-2 31848]
R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2009-7-2 38336]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2011-9-26 61328]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-5-13 136176]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2012-1-12 101736]
S2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\lenovo\rescue and recovery\updatemonitor.exe --> c:\program files\lenovo\rescue and recovery\UpdateMonitor.exe [?]
S3 5U875UVC;Integrated Camera;c:\windows\system32\drivers\5U875.sys [2009-12-20 72320]
S3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2009-10-20 106496]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\drivers\AmpPal.sys [2011-8-8 243712]
S3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\drivers\athur.sys [2010-1-5 1500160]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-12-20 29472]
S3 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2011-1-9 292200]
S3 FbsFd;FbsFd;c:\windows\system32\drivers\FbsFd.sys [2011-12-1 16048]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-5-13 136176]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-10-26 25088]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-23 23040]
S3 jakndis;Jaksta Service;c:\windows\system32\drivers\jakndis.sys [2011-12-13 30016]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-1-19 85152]
S3 MfeRKDK;McAfee Inc. MfeRKDK;c:\windows\system32\drivers\mferkdk.sys [2011-5-4 34248]
S3 NETwLv32; Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETwLv32.sys [2010-10-7 6639616]
S3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\drivers\NETwNs32.sys [2010-10-18 7122944]
S3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2010-3-18 89152]
S3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\thinkpad\utilities\PWMEWSVC.exe [2011-10-14 175168]
S3 RegFilter;RegFilter;c:\program files\iobit\iobit malware fighter\drivers\win7_x86\RegFilter.sys [2012-2-21 30600]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2009-9-24 1124848]
S3 RRNetCap;RRNetCap Service;c:\windows\system32\drivers\rrnetcap.sys [2010-8-2 31848]
S3 SMServer;SMServer;c:\windows\system32\snmvtsvc.exe [2009-4-23 237568]
S3 Spyder2;ColorVision Spyder2;c:\windows\system32\drivers\Spyder2.sys [2007-6-7 12288]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-4-18 52224]
S3 UrlFilter;UrlFilter;c:\program files\iobit\iobit malware fighter\drivers\win7_x86\UrlFilter.sys [2012-2-21 19792]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-26 1343400]
S4 ApRunSvc;Alps Application Launcher Service;c:\program files\apoint2k\aprunsvc.exe --> c:\program files\apoint2k\ApRunSvc.exe [?]
S4 FileMonitor;FileMonitor;c:\program files\iobit\iobit malware fighter\drivers\win7_x86\FileMonitor.sys [2012-2-21 20336]
S4 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-8-27 92008]
.
=============== Created Last 30 ================
.
2012-02-29 13:10:29 -------- d-----w- c:\users\walt weissman\appdata\roaming\SUPERAntiSpyware.com
2012-02-29 13:09:49 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-02-29 13:09:49 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-02-29 13:02:31 -------- d-----w- c:\users\walt weissman\appdata\local\NeoSmart_Technologies
2012-02-29 12:59:25 -------- d-----w- c:\program files\NeoSmart Technologies
2012-02-28 13:31:14 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-02-28 13:31:01 145936 ----a-w- c:\windows\system32\mfevtps.exe
2012-02-21 19:28:26 -------- d-----w- c:\program files\Apoint2K
2012-02-21 19:28:07 104416 ----a-w- c:\windows\system32\Vxdif.dll
2012-02-21 19:27:59 154672 ----a-w- c:\windows\system32\drivers\Apfiltr.sys
2012-02-21 17:16:34 -------- d-----w- c:\users\walt weissman\appdata\roaming\IObit
2012-02-21 17:16:02 -------- d-----w- c:\program files\IObit
2012-02-21 16:57:43 478720 ----a-w- c:\windows\system32\timedate.cpl
2012-02-21 16:55:58 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-21 16:55:30 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-21 16:47:55 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-02-21 14:44:24 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-21 00:24:18 81920 ----a-w- c:\windows\system32\drivers\ser2pl.sys
2012-02-21 00:24:15 26719 ----a-w- c:\windows\system32\SERSPL.VXD
2012-02-21 00:24:14 35892 ----a-w- c:\windows\system32\SER9PL.sys
2012-02-20 23:26:22 -------- d-----w- c:\programdata\HyperTerminal
2012-02-20 23:26:20 164864 ----a-w- c:\windows\system32\UNWISE32.EXE
2012-02-20 23:26:01 -------- d-----w- c:\program files\HyperTerminal
2012-02-16 23:19:45 -------- d-----w- C:\ComboFixNew
2012-02-13 19:06:34 -------- d-----w- c:\program files\Cisco
.
==================== Find3M ====================
.
2012-01-13 13:16:04 444416 --sha-w- C:\EUMONBMP.SYS
2011-12-23 06:09:46 20616 ----a-w- c:\windows\system32\fbnative.exe
2011-12-23 06:09:40 187016 ----a-w- c:\windows\system32\drivers\EuFdDisk.sys
2011-12-23 06:09:38 44680 ----a-w- c:\windows\system32\drivers\EUBKMON.sys
2011-12-23 06:09:32 17032 ----a-w- c:\windows\system32\drivers\eudskacs.sys
2011-12-23 06:09:30 50312 ----a-w- c:\windows\system32\drivers\eubakup.sys
2011-12-14 03:04:54 1798656 ----a-w- c:\windows\system32\jscript9.dll
2011-12-14 02:57:18 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-12-14 02:56:58 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-14 02:50:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-12-10 22:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-08 00:12:22 68648 ----a-r- c:\windows\system32\IS3Hks5.dll
2011-12-08 00:12:22 547880 ----a-r- c:\windows\system32\SZComp5.dll
2011-12-08 00:12:22 482344 ----a-r- c:\windows\system32\SZBase5.dll
2011-12-08 00:12:22 457768 ----a-r- c:\windows\system32\IS3DBA5.dll
2011-12-08 00:12:22 30248 ----a-r- c:\windows\system32\IS3XDat5.dll
2011-12-08 00:12:22 24616 ----a-r- c:\windows\system32\SZIO5.dll
2011-12-08 00:12:22 134184 ----a-r- c:\windows\system32\IS3HTUI5.dll
2011-12-08 00:12:20 740392 ----a-r- c:\windows\system32\IS3Base5.dll
2011-12-08 00:12:20 392232 ----a-r- c:\windows\system32\IS3UI5.dll
2011-12-08 00:12:20 232488 ----a-r- c:\windows\system32\IS3Win325.dll
2011-12-08 00:12:20 105512 ----a-r- c:\windows\system32\IS3Inet5.dll
2011-12-08 00:12:20 101416 ----a-r- c:\windows\system32\IS3Svc5.dll
.
============= FINISH: 13:34:32.73 ===============



#2 ratman

ratman

    Bleepin' gnawing at it!


  • Malware Response Team
  • 1,799 posts

Posted 04 March 2012 - 05:04 PM

Hello waldobleeping,

My name is ratman and I will be helping you with your computer problems.

Before we begin, I would like to make a few things clear so that we can fix your problem as efficiently as possible:

  • Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
  • Please do not do anything or perform other steps unless I have asked you to do so.
  • Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.

====================================================================================

Attach & GMER files do not appear to be attached. Can you resend please?
regards, ratman

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM



#3 waldobleeping

waldobleeping
  • Topic Starter

  • Members
  • 27 posts

Posted 05 March 2012 - 09:34 AM

Ratman,

Thank you in advance for your generosity in helping me; it is much appreciated. I will try to attach the two files again.

Regards,

Walt




#4 ratman

ratman

    Bleepin' gnawing at it!


  • Malware Response Team
  • 1,799 posts

Posted 05 March 2012 - 10:17 AM

Hello waldobleeping,

Thanks for the logs.

Please download ComboFix from here:

Link


* IMPORTANT !!! Save ComboFix.exe to your Desktop.

  • Disable your AntiVirus and AntiSpyware applications including Firewalls, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Right click on ComboFix icon and run as admin then follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

====================================================================================

In your next reply, please copy/paste the contents of the following:
  • C:\Combofix.txt

regards, ratman




#5 waldobleeping

waldobleeping
  • Topic Starter

  • Members
  • 27 posts

Posted 05 March 2012 - 12:15 PM

Per your request Ratman (also attached as a file for your convenience.)


ComboFix 12-03-04.02 - Walt Weissman 03/05/2012 9:33.6.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3032.2267 [GMT -7:00]
Running from: c:\users\Walt Weissman\Desktop\ComboFix.exe
AV: McAfee® Security-as-a-Service *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: McAfee® Security-as-a-Service *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: STOPzilla Anti-Spyware *Disabled/Updated* {B2E69928-50DC-94CA-6A80-AAB054008761}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Q:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-05 to 2012-03-05 )))))))))))))))))))))))))))))))
.
.
2012-03-05 16:44 . 2012-03-05 16:48 -------- d-----w- c:\users\Walt Weissman\AppData\Local\temp
2012-03-05 16:44 . 2012-03-05 16:44 -------- d-----w- c:\windows\ServiceProfiles\NetworkService\AppData\Local\temp
2012-03-05 16:44 . 2012-03-05 16:44 -------- d-----w- c:\windows\ServiceProfiles\LocalService\AppData\Local\temp
2012-03-05 16:44 . 2012-03-05 16:44 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-03-05 16:44 . 2012-03-05 16:44 -------- d-----w- c:\users\McAfeeMVSUser.Laptop2\AppData\Local\temp
2012-03-05 16:44 . 2012-03-05 16:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-05 16:44 . 2012-03-05 16:44 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-02-29 13:10 . 2012-02-29 13:10 -------- d-----w- c:\users\Walt Weissman\AppData\Roaming\SUPERAntiSpyware.com
2012-02-29 13:09 . 2012-02-29 13:13 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-02-29 13:09 . 2012-02-29 13:09 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-02-29 13:02 . 2012-02-29 13:02 -------- d-----w- c:\users\Walt Weissman\AppData\Local\NeoSmart_Technologies
2012-02-29 12:59 . 2012-02-29 12:59 -------- d-----w- c:\program files\NeoSmart Technologies
2012-02-28 13:31 . 2011-01-19 17:18 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-02-28 13:31 . 2011-01-19 17:18 145936 ----a-w- c:\windows\system32\mfevtps.exe
2012-02-21 19:28 . 2012-02-21 19:28 -------- d-----w- c:\program files\Apoint2K
2012-02-21 19:28 . 2009-12-09 21:54 104416 ----a-w- c:\windows\system32\Vxdif.dll
2012-02-21 19:27 . 2009-12-09 21:54 154672 ----a-w- c:\windows\system32\drivers\Apfiltr.sys
2012-02-21 17:16 . 2012-02-21 17:16 -------- d-----w- c:\users\Walt Weissman\AppData\Roaming\IObit
2012-02-21 17:16 . 2012-02-21 17:16 -------- d-----w- c:\program files\IObit
2012-02-21 16:57 . 2011-12-30 05:27 478720 ----a-w- c:\windows\system32\timedate.cpl
2012-02-21 16:55 . 2011-12-16 07:52 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-21 16:55 . 2012-01-04 08:58 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-21 16:47 . 2012-01-14 03:35 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-02-21 14:46 . 2012-02-21 14:46 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Webroot
2012-02-21 14:44 . 2012-02-21 14:44 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-21 00:24 . 2010-03-13 01:22 81920 ----a-w- c:\windows\system32\drivers\ser2pl.sys
2012-02-21 00:24 . 2005-08-03 23:04 26719 ----a-w- c:\windows\system32\SERSPL.VXD
2012-02-21 00:24 . 2005-08-03 23:05 35892 ----a-w- c:\windows\system32\SER9PL.sys
2012-02-20 23:26 . 2012-02-20 23:26 -------- d-----w- c:\programdata\HyperTerminal
2012-02-20 23:26 . 2008-09-30 20:22 164864 ----a-w- c:\windows\system32\UNWISE32.EXE
2012-02-20 23:26 . 2012-02-20 23:26 -------- d-----w- c:\program files\HyperTerminal
2012-02-13 19:06 . 2012-02-13 19:06 -------- d-----w- c:\program files\Cisco
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-23 06:09 . 2012-01-13 13:03 20616 ----a-w- c:\windows\system32\fbnative.exe
2011-12-23 06:09 . 2012-01-13 13:06 187016 ----a-w- c:\windows\system32\drivers\EuFdDisk.sys
2011-12-23 06:09 . 2012-01-13 13:06 44680 ----a-w- c:\windows\system32\drivers\EUBKMON.sys
2011-12-23 06:09 . 2012-01-13 13:06 17032 ----a-w- c:\windows\system32\drivers\eudskacs.sys
2011-12-23 06:09 . 2012-01-13 13:06 50312 ----a-w- c:\windows\system32\drivers\eubakup.sys
2011-12-10 22:24 . 2011-04-09 17:22 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-08 00:12 . 2011-12-08 00:12 68648 ----a-r- c:\windows\system32\IS3Hks5.dll
2011-12-08 00:12 . 2011-12-08 00:12 547880 ----a-r- c:\windows\system32\SZComp5.dll
2011-12-08 00:12 . 2011-12-08 00:12 482344 ----a-r- c:\windows\system32\SZBase5.dll
2011-12-08 00:12 . 2011-12-08 00:12 457768 ----a-r- c:\windows\system32\IS3DBA5.dll
2011-12-08 00:12 . 2011-12-08 00:12 30248 ----a-r- c:\windows\system32\IS3XDat5.dll
2011-12-08 00:12 . 2011-12-08 00:12 24616 ----a-r- c:\windows\system32\SZIO5.dll
2011-12-08 00:12 . 2011-12-08 00:12 134184 ----a-r- c:\windows\system32\IS3HTUI5.dll
2011-12-08 00:12 . 2011-12-08 00:12 740392 ----a-r- c:\windows\system32\IS3Base5.dll
2011-12-08 00:12 . 2011-12-08 00:12 392232 ----a-r- c:\windows\system32\IS3UI5.dll
2011-12-08 00:12 . 2011-12-08 00:12 232488 ----a-r- c:\windows\system32\IS3Win325.dll
2011-12-08 00:12 . 2011-12-08 00:12 105512 ----a-r- c:\windows\system32\IS3Inet5.dll
2011-12-08 00:12 . 2011-12-08 00:12 101416 ----a-r- c:\windows\system32\IS3Svc5.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\System32\msgsvc.dll
.
[-] 2006-10-19 04:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\System32\mspmsnsv.dll
[-] 2005-01-28 21:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[-] 2004-08-04 12:00 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
.
[-] 2008-04-14 12:42 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\System32\ntmssvc.dll
.
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\System32\srsvc.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-05-13 39408]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-03-01 109296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TpShocks"="TpShocks.exe" [2011-03-29 337256]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2011-12-01 1322048]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-05-27 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-05-27 171288]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-05-27 172824]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"EaseUs Watch"="c:\program files\EaseUS\Todo Backup\bin\EuWatch.exe" [2011-12-23 70792]
"EaseUs Tray"="c:\program files\EaseUS\Todo Backup\bin\TrayNotify.exe" [2011-12-26 743560]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-17 421736]
"AcWin7Hlpr"="c:\program files\Lenovo\Access Connections\AcTBenabler.exe" [2011-10-20 33344]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-12-09 176128]
"MVS Splash"="c:\program files\McAfee\Managed VirusScan\DesktopUI\XTray.exe" [2011-04-13 476480]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisallowCpl"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FingerPrintSoftwareSplashScreen]
c:\program files\Lenovo Fingerprint Software\SplashScreen.exe \s [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcWin7Hlpr]
2011-10-20 19:11 33344 ----a-w- c:\program files\Lenovo\Access Connections\AcTBenabler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 19:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-28 01:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 09:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 10:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AndroidSync]
2011-12-19 07:00 5539896 ----a-w- c:\program files\Android-Sync\AndroidSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-06-01 18:46 136176 ----atw- c:\users\Walt Weissman\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2011-05-27 21:45 171288 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HTC Sync Loader]
2011-01-08 04:09 585728 ----a-w- c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2011-05-27 21:45 138008 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-01-17 00:22 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Message Center Plus]
2009-05-28 06:09 49976 ----a-w- c:\program files\Lenovo\Message Center Plus\MCPLaunch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2011-05-27 21:45 172824 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\picon]
2009-08-04 03:00 358424 ----a-w- c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 21:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
2012-03-01 00:51 109296 ----a-w- c:\program files\Siber Systems\AI RoboForm\robotaskbaricon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RotateImage]
2008-10-30 21:23 31744 ----a-w- c:\program files\RotateImage\RCIMGDIR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartAudio]
2009-11-19 20:45 307768 ------w- c:\program files\CONEXANT\SAII\SAIICpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 20:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2011-05-13 11:33 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 19:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2009-08-27 15:05 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPHOTKEY]
2011-07-13 01:03 69568 ----a-w- c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2009-07-14 01:14 65024 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
R0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2011-09-26 61328]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-13 136176]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]
R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [x]
R3 5U875UVC;Integrated Camera;c:\windows\system32\DRIVERS\5U875.sys [2009-07-08 72320]
R3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2009-10-21 106496]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-08-08 243712]
R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athur.sys [2010-01-05 1500160]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [2011-12-01 292200]
R3 FbsFd;FbsFd;c:\windows\system32\Drivers\FbsFd.sys [2011-12-02 16048]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-13 136176]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-10-26 25088]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-23 23040]
R3 jakndis;Jaksta Service;c:\windows\system32\DRIVERS\jakndis.sys [2011-07-21 30016]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-01-19 85152]
R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [x]
R3 NETwLv32; Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETwLv32.sys [2010-10-07 6639616]
R3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [2010-10-18 7122944]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2011-12-01 89152]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\ThinkPad\Utilities\PWMEWSVC.EXE [2011-12-01 175168]
R3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\drivers\win7_x86\regfilter.sys [2011-09-20 30600]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-09-24 1124848]
R3 RRNetCap;RRNetCap Service;c:\windows\system32\DRIVERS\rrnetcap.sys [2010-08-02 31848]
R3 SMServer;SMServer;c:\windows\system32\snmvtsvc.exe [2009-04-16 237568]
R3 Spyder2;ColorVision Spyder2;c:\windows\system32\DRIVERS\Spyder2.sys [2007-01-17 12288]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\drivers\win7_x86\UrlFilter.sys [2011-09-20 19792]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-26 1343400]
R4 ApRunSvc;Alps Application Launcher Service;c:\program files\Apoint2K\ApRunSvc.exe [x]
R4 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\win7_x86\FileMonitor.sys [2012-01-06 20336]
R4 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2009-08-27 92008]
S0 DozeHDD;DozeHDD;c:\windows\System32\DRIVERS\DozeHDD.sys [2011-12-01 25968]
S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2011-12-23 50312]
S0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2011-12-23 44680]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-01-19 162928]
S0 MFX;MFX; [x]
S0 szkg5;szkg5;c:\windows\system32\drivers\szkg.sys [2011-09-26 61328]
S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys [2011-08-16 59080]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2011-03-30 20592]
S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2011-12-23 17032]
S1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [2011-12-23 187016]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2010-09-07 13680]
S1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-01-19 88544]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [2009-10-21 1701112]
S2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [2009-10-21 98304]
S2 EaseUS Agent;EaseUS Agent;c:\program files\EaseUS\Todo Backup\bin\Agent.exe [2011-12-23 61064]
S2 Guard Agent;Guard Agent;c:\program files\EaseUS\Todo Backup\bin\GuardAgent.exe [2011-12-23 23176]
S2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [2012-01-10 821592]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 127336]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-01-19 145936]
S2 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [2011-04-13 291064]
S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]
S2 QDLService;Qualcomm Gobi Download Service;c:\qualcomm\QDLService\QDLService.exe [2009-12-15 345336]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
S2 Retrospect Client;Retrospect Client;c:\program files\Retrospect\Retrospect Client\RemotSvc.exe [2008-12-02 61440]
S2 RumorServer;McAfee Peer Distribution Service;c:\program files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [2011-04-13 291064]
S2 SWAGENT;SonicWALL Agent Service;c:\program files\McAfee\Managed VirusScan\Agent\swAgent.exe [2011-04-13 189760]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 131432]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2009-08-04 2058776]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-09-01 485376]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6232.sys [2011-10-21 232664]
S3 jakndisMP;jakndisMP;c:\windows\system32\DRIVERS\jakndis.sys [2011-07-21 30016]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-09-15 6000640]
S3 QCFilterlno;Lenovo USB Composite Device Filter Driver;c:\windows\system32\DRIVERS\qcfilterlno.sys [2009-12-15 7168]
S3 qcusbnetlno;Lenovo USB-NDIS miniport;c:\windows\system32\DRIVERS\qcusbnetlno.sys [2009-12-15 211456]
S3 qcusbserlno;Lenovo USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\qcusbserlno.sys [2009-12-15 111616]
S3 RRNetCapMP;RRNetCapMP;c:\windows\system32\DRIVERS\rrnetcap.sys [2010-08-02 31848]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2009-07-02 38336]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-17 01:02 114688 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-13 11:33]
.
2012-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-13 11:33]
.
2012-03-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3198952147-2692156801-1444838019-1004Core.job
- c:\users\Walt Weissman\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-06 18:46]
.
2012-03-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3198952147-2692156801-1444838019-1004UA.job
- c:\users\Walt Weissman\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-06 18:46]
.
2012-02-11 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:54]
.
2012-03-05 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:54]
.
2010-01-11 c:\windows\Tasks\User_Feed_Synchronization-{BE32CA26-9B2C-4F97-B310-5228E3A6C2C6}.job
- c:\windows\system32\msfeedssync.exe [2011-04-27 14:49]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://cnn.com/
uInternet Settings,ProxyServer = http=148.63.201.177:9877;https=148.63.201.177:9877
uInternet Settings,ProxyOverride = *.local;<local>
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
TCP: Interfaces\{721B46C0-683D-49BE-A17A-C7926A54A8B7}: NameServer = 69.78.235.35 69.78.96.14
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Computer Alarm Clock - (no file)
SafeBoot-klmdb.sys
MSConfigStartUp-Acronis Scheduler2 Service - c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
MSConfigStartUp-APSDaemon - c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
MSConfigStartUp-GoToMeeting - c:\program files\Citrix\GoToMeeting\457\g2mstart.exe
MSConfigStartUp-TrueImageMonitor - c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
AddRemove-MVS - c:\progra~1\McAfee\MANAGE~1\Agent\myinx
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(6140)
c:\program files\PC-Doctor\PcdToolbar584923.dll
c:\program files\ThinkPad\Utilities\PWMTR32V.DLL
c:\progra~1\ThinkPad\UTILIT~1\US\PWMRT32V.DLL
c:\progra~1\ThinkPad\UTILIT~1\PWMIF32V.DLL
c:\program files\ThinkPad\Bluetooth Software\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\Common Files\iS3\Anti-Spyware\SZServer.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Lenovo\Access Connections\AcPrfMgrSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Retrospect\Retrospect Client\retroclient.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Lenovo\Access Connections\AcSvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\McAfee\SystemCore\mfeann.exe
c:\windows\system32\conhost.exe
c:\windows\System32\vds.exe
c:\program files\ThinkPad\Bluetooth Software\btwdins.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Intel\AMT\LMS.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\system32\taskhost.exe
c:\progra~1\LENOVO\VIRTSCRL\virtscrl.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\windows\system32\conhost.exe
c:\windows\System32\TpShocks.exe
c:\windows\System32\rundll32.exe
c:\program files\Apoint2K\ApMsgFwd.exe
c:\program files\Apoint2K\Apntex.exe
c:\windows\system32\conhost.exe
c:\progra~1\ThinkPad\UTILIT~1\SCHTASK.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
.
**************************************************************************
.
Completion time: 2012-03-05 10:00:22 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-05 17:00
.
Pre-Run: 13,122,772,992 bytes free
Post-Run: 13,237,178,368 bytes free
.
- - End Of File - - 2B2B178818B1343959E7AA3BA698BE1B




#6 ratman

ratman

    Bleepin' gnawing at it!


  • Malware Response Team
  • 1,799 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Scotland
  • Local time:06:54 AM

Posted 05 March 2012 - 01:05 PM

Hello waldobleeping,

Combofix has shown a few suspicious files.

I'd like you to send this to Jotti for checking:
  • Go to Jotti
  • Click on Browse... button on the open page
  • Navigate to c:\windows\System32\msgsvc.dll in File to scan: box
  • Click Open
  • File location should now appear in Jotti Browse window
  • Click Send

Can you copy the page address of Jotti's response in your next reply.

Please repeat this process for the following files:

c:\windows\System32\mspmsnsv.dll
c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
c:\windows\System32\ntmssvc.dll
c:\windows\System32\srsvc.dll

regards, ratman

a proud member of:
Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM

If I have helped and you would like to show your appreciation you may Posted Image to the cause.
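Added example, not part of the thread and not ComboFix's own code: one way to pull the Sigcheck entries out of a ComboFix log as structured records, so the flagged files (the list ratman asks to have scanned) can be listed with their hashes. The field layout is inferred from the lines in this log, `[-]` is read as "signature not verified" per the log's own note, and the names `parse_sigcheck`, `unverified` and `conflicting_copies` are hypothetical.

```python
import ntpath
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sigcheck lines copied from the ComboFix log in this thread. The lines around
# them are shortened stand-ins for the neighbouring sections of that log.
SAMPLE_LOG = r"""
2011-12-08 00:12 . 2011-12-08 00:12 101416 ----a-r- c:\windows\system32\IS3Svc5.dll
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\System32\msgsvc.dll
.
[-] 2006-10-19 04:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\System32\mspmsnsv.dll
[-] 2005-01-28 21:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[-] 2004-08-04 12:00 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
.
[-] 2008-04-14 12:42 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\System32\ntmssvc.dll
.
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\System32\srsvc.dll
.
((((((((((((( Reg Loading Points )))))))))))))
"""

# Layout assumed from the sample: [flag] date [time] . md5 . size . . [version] . . path
LINE_RE = re.compile(
    r"""^\[(?P<flag>[^\]])\]\s+
        (?P<date>\d{4}-\d{2}-\d{2})(?:\s+(?P<time>\d{2}:\d{2}))?   # time may be absent
        \s+\.\s+(?P<md5>[0-9A-Fa-f]{32})
        \s+\.\s+(?P<size>\d+)
        \s+\.\s+\.\s+\[(?P<version>[^\]]*)\]
        \s+\.\s+\.\s+(?P<path>.+)$""",
    re.VERBOSE,
)


@dataclass(frozen=True)
class SigEntry:
    flag: str
    date: str
    time: Optional[str]
    md5: str
    size: int
    version: str
    path: str

    @property
    def name(self) -> str:
        # ntpath splits on backslashes regardless of the OS running the script.
        return ntpath.basename(self.path).lower()


def parse_sigcheck(log_text: str) -> List[SigEntry]:
    """Return the entries between the Sigcheck header and the next '(((' header."""
    entries: List[SigEntry] = []
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("------- Sigcheck"):
            in_section = True
            continue
        if in_section and line.startswith("((("):
            break
        if not in_section:
            continue
        m = LINE_RE.match(line)
        if m:
            entries.append(SigEntry(
                flag=m["flag"], date=m["date"], time=m["time"],
                md5=m["md5"].upper(), size=int(m["size"]),
                version=m["version"], path=m["path"].strip(),
            ))
    return entries


def unverified(entries: List[SigEntry]) -> List[SigEntry]:
    """Entries flagged '-' (assumed meaning: signature not verified)."""
    return [e for e in entries if e.flag == "-"]


def conflicting_copies(entries: List[SigEntry]) -> Dict[str, List[SigEntry]]:
    """File names that appear in several locations with differing hashes."""
    by_name: Dict[str, List[SigEntry]] = defaultdict(list)
    for e in entries:
        by_name[e.name].append(e)
    return {n: es for n, es in by_name.items() if len({e.md5 for e in es}) > 1}


if __name__ == "__main__":
    found = parse_sigcheck(SAMPLE_LOG)
    for e in unverified(found):
        print(f"{e.md5}  {e.size:>7}  {e.version:<16} {e.path}")
    for name, copies in conflicting_copies(found).items():
        print(f"{name}: {len(copies)} copies with different hashes")
```
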



#7 waldobleeping


Posted 05 March 2012 - 01:32 PM

Here are the Jotti file checks: Nothing seems to have looked suspicious.

walt

http://virusscan.jotti.org/en/scanresult/0173f18abf70a59487dc85994e54848cf09f6913
http://virusscan.jotti.org/en/scanresult/c1e9f28ede27a11632ab92d41f9c9666e20fac21/caf85ec0d5e15572ddcea4584641ad30d9979679
http://virusscan.jotti.org/en/scanresult/17a9f3e42ad61bc47f49fc5fb9258b73cd943eff/d0ecb79ead3e04a5c9fd6b4762d2f10b3435a1a2
http://virusscan.jotti.org/en/scanresult/d0ecb79ead3e04a5c9fd6b4762d2f10b3435a1a2
http://virusscan.jotti.org/en/scanresult/0f534c17959ea8bedb96df3da334d7012b6b5c89/af79b40c6086f06e1de09f2a0eb921bef3df7173
http://virusscan.jotti.org/en/scanresult/0f534c17959ea8bedb96df3da334d7012b6b5c89/af79b40c6086f06e1de09f2a0eb921bef3df7173
http://virusscan.jotti.org/en/scanresult/ffec711d5318ef9cf58eada7903dc0a47ea68339

#8 waldobleeping


Posted 06 March 2012 - 07:39 AM

Hello Ratman,

This morning, for the first time after weeks of identical results, McAfee "trapped" Artemis! with a new number: Artemis!8238460F024D
STOPzilla also listed files deleted all seemingly trying to stop access to areas where I could kill an infection (registry, control panel).

Thanks for your time.

Walt

#9 ratman


Posted 06 March 2012 - 12:07 PM

Hello waldobleeping,

STOPzilla also listed files deleted all seemingly trying to stop access to areas where I could kill an infection (registry, control panel).

Did this start at the same time as McAfee started reporting Artemis?

=============================================================================

I need you to run a CFScript.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::

DDS::
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

==============================================================================



I'd like you to run a scan with aswMBR
Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

====================================================================================

I would like you to send one more file to Jotti for checking:
c:\windows\system32\drivers\FbsFd.sys

====================================================================================

In your next reply, please copy/paste the contents of the following:
  • C:\ComboFix.txt
  • aswMBR Log
  • Jotti report

regards, ratman




#10 waldobleeping


Posted 06 March 2012 - 07:30 PM

Hi Ratman,

"Did this start at the same time as McAfee started reporting Artemis?" Well, I can't answer that. If I leave my computer on at night, when I look at it in the A.M. I see messages from both products. McAfee tells me it has deleted 1 to 3 files, all associated with (now two) Artemis! bugs. At the same time I have a message from Stopzilla that it has deleted the files listed in my earlier note. I can take screen shots if that helps.

As for your other questions. I ran the file you requested through the Jotti, and it came out clean.
http://virusscan.jotti.org/en/scanresult/5ce2a9f2eebbe708116e8d2f0603fbca11073955

Attached you will find the ComboFix.txt started with the CFScript, and the aswMBR.log, and as requested they are both "pasted" below.

ComboFix.txt

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3032.1788 [GMT -7:00]
Running from: c:\users\Walt Weissman\Desktop\ComboFix.exe
Command switches used :: c:\users\Walt Weissman\Desktop\CFScript.txt.txt
AV: McAfee® Security-as-a-Service *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: McAfee® Security-as-a-Service *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: STOPzilla Anti-Spyware *Disabled/Updated* {B2E69928-50DC-94CA-6A80-AAB054008761}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-02-07 to 2012-03-07 )))))))))))))))))))))))))))))))
.
.
2012-03-06 23:56 . 2012-03-06 23:56 -------- d-----w- c:\windows\ServiceProfiles\NetworkService\AppData\Local\temp
2012-03-06 23:56 . 2012-03-06 23:56 -------- d-----w- c:\windows\ServiceProfiles\LocalService\AppData\Local\temp
2012-03-06 23:56 . 2012-03-06 23:56 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-03-06 23:56 . 2012-03-06 23:56 -------- d-----w- c:\users\McAfeeMVSUser.Laptop2\AppData\Local\temp
2012-03-06 23:56 . 2012-03-06 23:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-06 23:56 . 2012-03-06 23:56 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-03-06 16:55 . 2009-10-28 02:31 3982240 ----a-w- c:\windows\system32\Flash10d.ocx
2012-03-06 16:55 . 2012-03-06 16:55 -------- d-----w- c:\program files\StreamTransport
2012-03-05 16:44 . 2012-03-07 00:01 -------- d-----w- c:\users\Walt Weissman\AppData\Local\temp
2012-02-29 13:10 . 2012-02-29 13:10 -------- d-----w- c:\users\Walt Weissman\AppData\Roaming\SUPERAntiSpyware.com
2012-02-29 13:09 . 2012-02-29 13:13 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-02-29 13:09 . 2012-02-29 13:09 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-02-29 13:02 . 2012-02-29 13:02 -------- d-----w- c:\users\Walt Weissman\AppData\Local\NeoSmart_Technologies
2012-02-29 12:59 . 2012-02-29 12:59 -------- d-----w- c:\program files\NeoSmart Technologies
2012-02-28 13:31 . 2011-01-19 17:18 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-02-28 13:31 . 2011-01-19 17:18 145936 ----a-w- c:\windows\system32\mfevtps.exe
2012-02-21 19:28 . 2012-02-21 19:28 -------- d-----w- c:\program files\Apoint2K
2012-02-21 19:28 . 2009-12-09 21:54 104416 ----a-w- c:\windows\system32\Vxdif.dll
2012-02-21 19:27 . 2009-12-09 21:54 154672 ----a-w- c:\windows\system32\drivers\Apfiltr.sys
2012-02-21 17:16 . 2012-02-21 17:16 -------- d-----w- c:\users\Walt Weissman\AppData\Roaming\IObit
2012-02-21 17:16 . 2012-02-21 17:16 -------- d-----w- c:\program files\IObit
2012-02-21 16:57 . 2011-12-30 05:27 478720 ----a-w- c:\windows\system32\timedate.cpl
2012-02-21 16:55 . 2011-12-16 07:52 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-21 16:55 . 2012-01-04 08:58 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-21 16:47 . 2012-01-14 03:35 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-02-21 14:46 . 2012-02-21 14:46 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Webroot
2012-02-21 14:44 . 2012-02-21 14:44 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-21 00:24 . 2010-03-13 01:22 81920 ----a-w- c:\windows\system32\drivers\ser2pl.sys
2012-02-21 00:24 . 2005-08-03 23:04 26719 ----a-w- c:\windows\system32\SERSPL.VXD
2012-02-21 00:24 . 2005-08-03 23:05 35892 ----a-w- c:\windows\system32\SER9PL.sys
2012-02-20 23:26 . 2012-02-20 23:26 -------- d-----w- c:\programdata\HyperTerminal
2012-02-20 23:26 . 2008-09-30 20:22 164864 ----a-w- c:\windows\system32\UNWISE32.EXE
2012-02-20 23:26 . 2012-02-20 23:26 -------- d-----w- c:\program files\HyperTerminal
2012-02-13 19:06 . 2012-02-13 19:06 -------- d-----w- c:\program files\Cisco
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-23 06:09 . 2012-01-13 13:03 20616 ----a-w- c:\windows\system32\fbnative.exe
2011-12-23 06:09 . 2012-01-13 13:06 187016 ----a-w- c:\windows\system32\drivers\EuFdDisk.sys
2011-12-23 06:09 . 2012-01-13 13:06 44680 ----a-w- c:\windows\system32\drivers\EUBKMON.sys
2011-12-23 06:09 . 2012-01-13 13:06 17032 ----a-w- c:\windows\system32\drivers\eudskacs.sys
2011-12-23 06:09 . 2012-01-13 13:06 50312 ----a-w- c:\windows\system32\drivers\eubakup.sys
2011-12-10 22:24 . 2011-04-09 17:22 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-08 00:12 . 2011-12-08 00:12 68648 ----a-r- c:\windows\system32\IS3Hks5.dll
2011-12-08 00:12 . 2011-12-08 00:12 547880 ----a-r- c:\windows\system32\SZComp5.dll
2011-12-08 00:12 . 2011-12-08 00:12 482344 ----a-r- c:\windows\system32\SZBase5.dll
2011-12-08 00:12 . 2011-12-08 00:12 457768 ----a-r- c:\windows\system32\IS3DBA5.dll
2011-12-08 00:12 . 2011-12-08 00:12 30248 ----a-r- c:\windows\system32\IS3XDat5.dll
2011-12-08 00:12 . 2011-12-08 00:12 24616 ----a-r- c:\windows\system32\SZIO5.dll
2011-12-08 00:12 . 2011-12-08 00:12 134184 ----a-r- c:\windows\system32\IS3HTUI5.dll
2011-12-08 00:12 . 2011-12-08 00:12 740392 ----a-r- c:\windows\system32\IS3Base5.dll
2011-12-08 00:12 . 2011-12-08 00:12 392232 ----a-r- c:\windows\system32\IS3UI5.dll
2011-12-08 00:12 . 2011-12-08 00:12 232488 ----a-r- c:\windows\system32\IS3Win325.dll
2011-12-08 00:12 . 2011-12-08 00:12 105512 ----a-r- c:\windows\system32\IS3Inet5.dll
2011-12-08 00:12 . 2011-12-08 00:12 101416 ----a-r- c:\windows\system32\IS3Svc5.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\System32\msgsvc.dll
.
[-] 2006-10-19 04:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\System32\mspmsnsv.dll
[-] 2005-01-28 21:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[-] 2004-08-04 12:00 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
.
[-] 2008-04-14 12:42 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\System32\ntmssvc.dll
.
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\System32\srsvc.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-05-13 39408]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-03-01 109296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TpShocks"="TpShocks.exe" [2011-03-29 337256]
"PWMTRV"="c:\progra~1\ThinkPad\UTILIT~1\PWMTR32V.DLL" [2011-12-01 1322048]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-05-27 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-05-27 171288]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-05-27 172824]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"EaseUs Watch"="c:\program files\EaseUS\Todo Backup\bin\EuWatch.exe" [2011-12-23 70792]
"EaseUs Tray"="c:\program files\EaseUS\Todo Backup\bin\TrayNotify.exe" [2011-12-26 743560]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-17 421736]
"AcWin7Hlpr"="c:\program files\Lenovo\Access Connections\AcTBenabler.exe" [2011-10-20 33344]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-12-09 176128]
"MVS Splash"="c:\program files\McAfee\Managed VirusScan\DesktopUI\XTray.exe" [2011-04-13 476480]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisallowCpl"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FingerPrintSoftwareSplashScreen]
c:\program files\Lenovo Fingerprint Software\SplashScreen.exe \s [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcWin7Hlpr]
2011-10-20 19:11 33344 ----a-w- c:\program files\Lenovo\Access Connections\AcTBenabler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 19:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-28 01:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 09:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 10:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AndroidSync]
2011-12-19 07:00 5539896 ----a-w- c:\program files\Android-Sync\AndroidSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-06-01 18:46 136176 ----atw- c:\users\Walt Weissman\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2011-05-27 21:45 171288 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HTC Sync Loader]
2011-01-08 04:09 585728 ----a-w- c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2011-05-27 21:45 138008 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-01-17 00:22 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Message Center Plus]
2009-05-28 06:09 49976 ----a-w- c:\program files\Lenovo\Message Center Plus\MCPLaunch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2011-05-27 21:45 172824 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\picon]
2009-08-04 03:00 358424 ----a-w- c:\program files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 21:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
2012-03-01 00:51 109296 ----a-w- c:\program files\Siber Systems\AI RoboForm\robotaskbaricon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RotateImage]
2008-10-30 21:23 31744 ----a-w- c:\program files\RotateImage\RCIMGDIR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartAudio]
2009-11-19 20:45 307768 ------w- c:\program files\CONEXANT\SAII\SAIICpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 20:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2011-05-13 11:33 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 19:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2009-08-27 15:05 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPHOTKEY]
2011-07-13 01:03 69568 ----a-w- c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2009-07-14 01:14 65024 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
R0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2011-09-26 61328]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-13 136176]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [2011-07-12 101736]
R2 TVT_UpdateMonitor;TVT Windows Update Monitor;c:\program files\Lenovo\Rescue and Recovery\UpdateMonitor.exe [x]
R3 5U875UVC;Integrated Camera;c:\windows\system32\DRIVERS\5U875.sys [2009-07-08 72320]
R3 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2009-10-21 106496]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-08-08 243712]
R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athur.sys [2010-01-05 1500160]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files\ThinkPad\Utilities\DOZESVC.EXE [2011-12-01 292200]
R3 FbsFd;FbsFd;c:\windows\system32\Drivers\FbsFd.sys [2011-12-02 16048]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-13 136176]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-10-26 25088]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-23 23040]
R3 jakndis;Jaksta Service;c:\windows\system32\DRIVERS\jakndis.sys [2011-07-21 30016]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-01-19 85152]
R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [x]
R3 NETwLv32; Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETwLv32.sys [2010-10-07 6639616]
R3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [2010-10-18 7122944]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.EXE [2011-12-01 89152]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\ThinkPad\Utilities\PWMEWSVC.EXE [2011-12-01 175168]
R3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\drivers\win7_x86\regfilter.sys [2011-09-20 30600]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-09-24 1124848]
R3 RRNetCap;RRNetCap Service;c:\windows\system32\DRIVERS\rrnetcap.sys [2010-08-02 31848]
R3 SMServer;SMServer;c:\windows\system32\snmvtsvc.exe [2009-04-16 237568]
R3 Spyder2;ColorVision Spyder2;c:\windows\system32\DRIVERS\Spyder2.sys [2007-01-17 12288]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\drivers\win7_x86\UrlFilter.sys [2011-09-20 19792]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-26 1343400]
R4 ApRunSvc;Alps Application Launcher Service;c:\program files\Apoint2K\ApRunSvc.exe [x]
R4 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\win7_x86\FileMonitor.sys [2012-01-06 20336]
R4 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2009-08-27 92008]
S0 DozeHDD;DozeHDD;c:\windows\System32\DRIVERS\DozeHDD.sys [2011-12-01 25968]
S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2011-12-23 50312]
S0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2011-12-23 44680]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-01-19 162928]
S0 szkg5;szkg5;c:\windows\system32\drivers\szkg.sys [2011-09-26 61328]
S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys [2011-08-16 59080]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM86.sys [2011-03-30 20592]
S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2011-12-23 17032]
S1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [2011-12-23 187016]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiif32.sys [2010-09-07 13680]
S1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-01-19 88544]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [2009-10-21 1701112]
S2 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [2009-10-21 98304]
S2 EaseUS Agent;EaseUS Agent;c:\program files\EaseUS\Todo Backup\bin\Agent.exe [2011-12-23 61064]
S2 Guard Agent;Guard Agent;c:\program files\EaseUS\Todo Backup\bin\GuardAgent.exe [2011-12-23 23176]
S2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [2012-01-10 821592]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [2011-07-12 127336]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-01-19 145936]
S2 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [2011-04-13 291064]
S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]
S2 QDLService;Qualcomm Gobi Download Service;c:\qualcomm\QDLService\QDLService.exe [2009-12-15 345336]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
S2 Retrospect Client;Retrospect Client;c:\program files\Retrospect\Retrospect Client\RemotSvc.exe [2008-12-02 61440]
S2 RumorServer;McAfee Peer Distribution Service;c:\program files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [2011-04-13 291064]
S2 SWAGENT;SonicWALL Agent Service;c:\program files\McAfee\Managed VirusScan\Agent\swAgent.exe [2011-04-13 189760]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-07-12 131432]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [2011-07-12 142696]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2009-08-04 2058776]
S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-09-01 485376]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6232.sys [2011-10-21 232664]
S3 jakndisMP;jakndisMP;c:\windows\system32\DRIVERS\jakndis.sys [2011-07-21 30016]
S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-09-15 6000640]
S3 QCFilterlno;Lenovo USB Composite Device Filter Driver;c:\windows\system32\DRIVERS\qcfilterlno.sys [2009-12-15 7168]
S3 qcusbnetlno;Lenovo USB-NDIS miniport;c:\windows\system32\DRIVERS\qcusbnetlno.sys [2009-12-15 211456]
S3 qcusbserlno;Lenovo USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\qcusbserlno.sys [2009-12-15 111616]
S3 RRNetCapMP;RRNetCapMP;c:\windows\system32\DRIVERS\rrnetcap.sys [2010-08-02 31848]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2009-07-02 38336]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-17 01:02 114688 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-13 11:33]
.
2012-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-13 11:33]
.
2012-03-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3198952147-2692156801-1444838019-1004Core.job
- c:\users\Walt Weissman\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-06 18:46]
.
2012-03-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3198952147-2692156801-1444838019-1004UA.job
- c:\users\Walt Weissman\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-06 18:46]
.
2012-02-11 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:54]
.
2012-03-06 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-03-31 15:54]
.
2010-01-11 c:\windows\Tasks\User_Feed_Synchronization-{BE32CA26-9B2C-4F97-B310-5228E3A6C2C6}.job
- c:\windows\system32\msfeedssync.exe [2011-04-27 14:49]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://cnn.com/
uInternet Settings,ProxyServer = http=148.63.201.177:9877;https=148.63.201.177:9877
uInternet Settings,ProxyOverride = *.local;<local>
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
TCP: Interfaces\{721B46C0-683D-49BE-A17A-C7926A54A8B7}: NameServer = 69.78.235.35 69.78.96.14
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(4632)
c:\program files\PC-Doctor\PcdToolbar584923.dll
c:\program files\ThinkPad\Utilities\PWMTR32V.DLL
c:\progra~1\ThinkPad\UTILIT~1\US\PWMRT32V.DLL
c:\progra~1\ThinkPad\UTILIT~1\PWMIF32V.DLL
c:\program files\ThinkPad\Bluetooth Software\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\Common Files\iS3\Anti-Spyware\SZServer.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Lenovo\Access Connections\AcPrfMgrSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Retrospect\Retrospect Client\retroclient.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Lenovo\Access Connections\AcSvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\McAfee\SystemCore\mfeann.exe
c:\windows\system32\conhost.exe
c:\windows\System32\vds.exe
c:\program files\ThinkPad\Bluetooth Software\btwdins.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Intel\AMT\LMS.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\windows\system32\taskhost.exe
c:\progra~1\LENOVO\VIRTSCRL\virtscrl.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\windows\system32\conhost.exe
c:\windows\System32\TpShocks.exe
c:\windows\System32\rundll32.exe
c:\program files\Apoint2K\ApMsgFwd.exe
c:\program files\Apoint2K\Apntex.exe
c:\windows\system32\conhost.exe
c:\progra~1\ThinkPad\UTILIT~1\SCHTASK.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
.
**************************************************************************
.
Completion time: 2012-03-06 17:06:50 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-07 00:06
ComboFix2.txt 2012-03-05 17:00
.
Pre-Run: 11,947,167,744 bytes free
Post-Run: 12,000,059,392 bytes free
.
- - End Of File - - 7552C78505AA2F9E3475B51C62E668D4



****************
aswMBR Log

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-06 10:45:37
-----------------------------
10:45:37.838 OS Version: Windows 6.1.7601 Service Pack 1
10:45:37.839 Number of processors: 2 586 0x1706
10:45:37.841 ComputerName: LAPTOP2 UserName:
10:45:38.194 Initialize success
10:46:25.964 AVAST engine defs: 12030600
10:46:36.750 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
10:46:36.753 Disk 0 Vendor: SAMSUNG_ VBM1 Size: 122104MB BusType: 3
10:46:36.892 Disk 0 MBR read successfully
10:46:36.896 Disk 0 MBR scan
10:46:36.903 Disk 0 unknown MBR code
10:46:36.908 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1193 MB offset 2048
10:46:36.916 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 110910 MB offset 2445312
10:46:36.925 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 10000 MB offset 229588992
10:46:36.935 Disk 0 scanning sectors +250068992
10:46:36.951 Disk 0 scanning C:\Windows\system32\drivers
10:46:51.332 Service scanning
10:47:10.886 Modules scanning
10:47:17.582 Disk 0 trace - called modules:
10:47:17.597 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys
10:47:17.605 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86b3e030]
10:47:17.612 3 CLASSPNP.SYS[8bbb759e] -> nt!IofCallDriver -> [0x85b618e8]
10:47:17.621 5 ACPI.sys[8b8ac3d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8610d028]
10:47:18.010 AVAST engine scan C:\
14:53:43.968 Scan finished successfully
16:07:44.596 Disk 0 MBR has been saved successfully to "C:\Users\
16:07:44.604 The log file has been saved successfully to "C:\Users\

**************


Again, thanks for your kindness.

Walt


#11 ratman


Posted 07 March 2012 - 07:13 AM

Hi,

Are you still seeing the same problem?

Can you please run a scan with Malwarebytes - ensuring the virus definitions are at the latest level.

Please copy/paste the log in your next reply.
regards, ratman




#12 waldobleeping


Posted 07 March 2012 - 08:03 AM

Yes, still have same problem Ratman.

Attached you will find screen shots of what I found this morning (something similar every morning):

Will run Malwarebytes again.

thanks,

w


#13 waldobleeping


Posted 07 March 2012 - 10:02 AM

The Malwarebytes result:


Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.07.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Walt Weissman :: LAPTOP2 [administrator]

3/7/2012 6:13:52 AM
mbam-log-2012-03-07 (06-13-52).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 429790
Time elapsed: 56 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#14 ratman


Posted 07 March 2012 - 01:22 PM

Hello waldobleeping,

Thanks for the screenshots and log. I'd like you to do the following.

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntiSpyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a USB drive or CD and transfer it to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


In your next reply, please copy/paste the contents of the following:
  • SuperAntiSpyware Scan Log

regards, ratman


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM




#15 waldobleeping

  • Topic Starter


Posted 07 March 2012 - 08:54 PM

Ratman, per your request here are the results from the SUPERAntiSpyware Scan Log:
It did seem to find one serious threat. See attached screenshot.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/07/2012 at 02:44 PM

Application Version : 5.0.1144

Core Rules Database Version : 8312
Trace Rules Database Version: 6124

Scan type : Complete Scan
Total Scan Time : 01:25:16

Operating System Information
Windows 7 Professional 32-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator

Memory items scanned : 903
Memory threats detected : 0
Registry items scanned : 37739
Registry threats detected : 1
File items scanned : 218486
File threats detected : 339

Adware.Tracking Cookie
C:\USERS\WALT WEISSMAN\APPDATA\LOCAL\LAPLINK\PCMOVER\COOKIES\WALT@SPECIFICMEDIA[1].TXT [ /SPECIFICMEDIA ]
C:\USERS\WALT WEISSMAN\APPDATA\LOCAL\LAPLINK\PCMOVER\COOKIES\WALT@STAT.ONESTAT[2].TXT [ /STAT.ONESTAT ]
C:\USERS\WALT WEISSMAN\APPDATA\LOCAL\LAPLINK\PCMOVER\COOKIES\WALT@STATCOUNTER[2].TXT [ /STATCOUNTER ]
C:\USERS\WALT WEISSMAN\APPDATA\LOCAL\LAPLINK\PCMOVER\COOKIES\WALT@STATS.PAYPAL[2].TXT [ /STATS.PAYPAL ]
C:\USERS\WALT WEISSMAN\APPDATA\LOCAL\LAPLINK\PCMOVER\COOKIES\WALT@STATSE.WEBTRENDSLIVE[1].TXT [ /STATSE.WEBTRENDSLIVE ]
C:\USERS\WALT WEISSMAN\APPDATA\LOCAL\LAPLINK\PCMOVER\COOKIES\WALT@STATSE.WEBTRENDSLIVE[3].TXT [ /STATSE.WEBTRENDSLIVE ]
C:\USERS\WALT WEISSMAN\APPDATA\LOCAL\LAPLINK\PCMOVER\COOKIES\WALT@SUPERPAGES.122.2O7[1].TXT [ /SUPERPAGES.122.2O7 ]
C:\USERS\WALT WEISSMAN\APPDATA\LOCAL\LAPLINK\PCMOVER\COOKIES\WALT@THECHRONICLEOFHIGHEREDUCATION.122.2O7[1].TXT [ /THECHRONICLEOFHIGHEREDUCATION.122.2O7 ]
C:\USERS\WALT WEISSMAN\APPDATA\LOCAL\LAPLINK\PCMOVER\COOKIES\WALT@THECHRONICLEOFHIGHEREDUCATION.122.2O7[2].TXT [ /THECHRONICLEOFHIGHEREDUCATION.122.2O7 ]
C:\USERS\WALT WEISSMAN\APPDATA\LOCAL\LAPLINK\PCMOVER\COOKIES\WALT@TRACKALYZER[1].TXT [ /TRACKALYZER ]
C:\USERS\WALT WEISSMAN\APPDATA\LOCAL\LAPLINK\PCMOVER\COOKIES\WALT@TRACKER.LEADINGLINKANALYTICS[2].TXT [ /TRACKER.LEADINGLINKANALYTICS ]
C:\USERS\WALT WEISSMAN\APPDATA\LOCAL\LAPLINK\PCMOVER\COOKIES\WALT@TRAFFICMP[2].TXT [ /TRAFFICMP ]
C:\USERS\WALT WEISSMAN\APPDATA\LOCAL\LAPLINK\PCMOVER\COOKIES\WALT@TRAVELADVERTISING[1].TXT [ /TRAVELADVERTISING ]
C:\USERS\WALT WEISSMAN\APPDATA\LOCAL\LAPLINK\PCMOVER\COOKIES\WALT@TRISEPTSOLUTIONS.122.2O7[1].TXT [ /TRISEPTSOLUTIONS.122.2O7 ]
C:\USERS\WALT WEISSMAN\APPDATA\LOCAL\LAPLINK\PCMOVER\COOKIES\WALT@USATODAY1.112.2O7[1].TXT [ /USATODAY1.112.2O7 ]
C:\USERS\WALT WEISSMAN\APPDATA\LOCAL\LAPLINK\PCMOVER\COOKIES\WALT@USNEWS.122.2O7[1].TXT [ /USNEWS.122.2O7 ]
C:\USERS\WALT WEISSMAN\APPDATA\LOCAL\LAPLINK\PCMOVER\COOKIES\WALT@VIEW.ATDMT[2].TXT [ /VIEW.ATDMT ]
C:\USERS\WALT WEISSMAN\APPDATA\LOCAL\LAPLINK\PCMOVER\COOKIES\WALT@WINDOWS-MEDIA-PLAYER-UPDATES[1].TXT [ /WINDOWS-MEDIA-PLAYER-UPDATES ]
C:\USERS\WALT WEISSMAN\APPDATA\LOCAL\LAPLINK\PCMOVER\COOKIES\WALT@WWW.BURSTBEACON[2].TXT [ /WWW.BURSTBEACON ]
C:\USERS\WALT WEISSMAN\APPDATA\LOCAL\LAPLINK\PCMOVER\COOKIES\WALT@WWW.BURSTNET[2].TXT [ /WWW.BURSTNET ]
C:\USERS\WALT WEISSMAN\APPDATA\LOCAL\LAPLINK\PCMOVER\COOKIES\WALT@WWW.FINDMYORDER[1].TXT [ /WWW.FINDMYORDER ]
C:\USERS\WALT WEISSMAN\APPDATA\LOCAL\LAPLINK\PCMOVER\COOKIES\WALT@WWW.QSSTATS[1].TXT [ /WWW.QSSTATS ]
C:\USERS\WALT WEISSMAN\APPDATA\LOCAL\LAPLINK\PCMOVER\COOKIES\WALT@WWW.QSSTATS[3].TXT [ /WWW.QSSTATS ]
C:\USERS\WALT WEISSMAN\APPDATA\LOCAL\LAPLINK\PCMOVER\COOKIES\WALT@WWW.WINDOWS-MEDIA-PLAYER-UPDATES[1].TXT [ /WWW.WINDOWS-MEDIA-PLAYER-UPDATES ]
C:\USERS\WALT WEISSMAN\APPDATA\LOCAL\LAPLINK\PCMOVER\COOKIES\WALT@WWW6.ADDFREESTATS[1].TXT [ /WWW6.ADDFREESTATS ]
C:\USERS\WALT WEISSMAN\APPDATA\LOCAL\LAPLINK\PCMOVER\COOKIES\WALT@XXXDATABASE[1].TXT [ /XXXDATABASE ]
C:\USERS\WALT WEISSMAN\APPDATA\LOCAL\LAPLINK\PCMOVER\COOKIES\WALT@YIELDMANAGER[2].TXT [ /YIELDMANAGER ]
C:\USERS\WALT WEISSMAN\APPDATA\LOCAL\LAPLINK\PCMOVER\COOKIES\WALT@ZEDO[2].TXT [ /ZEDO ]

System.BrokenFileAssociation
HKCR\.exe


What do you think? Is/was this my nasty bug?

best,

Walt
